1 2 /* pkcs11t.h include file for PKCS #11. */ 3 4 /* $Revision: 1.6 $ */ 5 6 /* License to copy and use this software is granted provided that it is 7 * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface 8 * (Cryptoki)" in all material mentioning or referencing this software. 9 10 * License is also granted to make and use derivative works provided that 11 * such works are identified as "derived from the RSA Security Inc. PKCS #11 12 * Cryptographic Token Interface (Cryptoki)" in all material mentioning or 13 * referencing the derived work. 14 15 * RSA Security Inc. makes no representations concerning either the 16 * merchantability of this software or the suitability of this software for 17 * any particular purpose. It is provided "as is" without express or implied 18 * warranty of any kind. 19 */ 20 21 /* See top of pkcs11.h for information about the macros that 22 * must be defined and the structure-packing conventions that 23 * must be set before including this file. 
*/ 24 25 #ifndef _PKCS11T_H_ 26 #define _PKCS11T_H_ 1 27 28 #define CK_TRUE 1 29 #define CK_FALSE 0 30 31 #ifndef CK_DISABLE_TRUE_FALSE 32 #ifndef FALSE 33 #define FALSE CK_FALSE 34 #endif 35 36 #ifndef TRUE 37 #define TRUE CK_TRUE 38 #endif 39 #endif 40 41 /* an unsigned 8-bit value */ 42 typedef unsigned char CK_BYTE; 43 44 /* an unsigned 8-bit character */ 45 typedef CK_BYTE CK_CHAR; 46 47 /* an 8-bit UTF-8 character */ 48 typedef CK_BYTE CK_UTF8CHAR; 49 50 /* a BYTE-sized Boolean flag */ 51 typedef CK_BYTE CK_BBOOL; 52 53 /* an unsigned value, at least 32 bits long */ 54 typedef unsigned long int CK_ULONG; 55 56 /* a signed value, the same size as a CK_ULONG */ 57 58 /* CK_LONG is new for v2.0 */ 59 typedef long int CK_LONG; 60 61 /* at least 32 bits; each bit is a Boolean flag */ 62 typedef CK_ULONG CK_FLAGS; 63 64 65 /* some special values for certain CK_ULONG variables */ 66 #define CK_UNAVAILABLE_INFORMATION (~0UL) 67 #define CK_EFFECTIVELY_INFINITE 0 68 69 70 typedef CK_BYTE CK_PTR CK_BYTE_PTR; 71 typedef CK_CHAR CK_PTR CK_CHAR_PTR; 72 typedef CK_UTF8CHAR CK_PTR CK_UTF8CHAR_PTR; 73 typedef CK_ULONG CK_PTR CK_ULONG_PTR; 74 typedef void CK_PTR CK_VOID_PTR; 75 76 /* Pointer to a CK_VOID_PTR-- i.e., pointer to pointer to void */ 77 typedef CK_VOID_PTR CK_PTR CK_VOID_PTR_PTR; 78 79 80 /* The following value is always invalid if used as a session */ 81 82 /* handle or object handle */ 83 #define CK_INVALID_HANDLE 0 84 85 86 typedef struct CK_VERSION 87 { 88 CK_BYTE major; /* integer portion of version number */ 89 CK_BYTE minor; /* 1/100ths portion of version number */ 90 } CK_VERSION; 91 92 typedef CK_VERSION CK_PTR CK_VERSION_PTR; 93 94 95 typedef struct CK_INFO 96 { 97 /* manufacturerID and libraryDecription have been changed from 98 * CK_CHAR to CK_UTF8CHAR for v2.10 */ 99 CK_VERSION cryptokiVersion; /* Cryptoki interface ver */ 100 CK_UTF8CHAR manufacturerID[32]; /* blank padded */ 101 CK_FLAGS flags; /* must be zero */ 102 103 /* libraryDescription and 
libraryVersion are new for v2.0 */ 104 CK_UTF8CHAR libraryDescription[32]; /* blank padded */ 105 CK_VERSION libraryVersion; /* version of library */ 106 } CK_INFO; 107 108 typedef CK_INFO CK_PTR CK_INFO_PTR; 109 110 111 /* CK_NOTIFICATION enumerates the types of notifications that 112 * Cryptoki provides to an application */ 113 114 /* CK_NOTIFICATION has been changed from an enum to a CK_ULONG 115 * for v2.0 */ 116 typedef CK_ULONG CK_NOTIFICATION; 117 118 #define CKN_SURRENDER 0 119 120 121 typedef CK_ULONG CK_SLOT_ID; 122 123 typedef CK_SLOT_ID CK_PTR CK_SLOT_ID_PTR; 124 125 126 /* CK_SLOT_INFO provides information about a slot */ 127 typedef struct CK_SLOT_INFO 128 { 129 /* slotDescription and manufacturerID have been changed from 130 * CK_CHAR to CK_UTF8CHAR for v2.10 */ 131 CK_UTF8CHAR slotDescription[64]; /* blank padded */ 132 CK_UTF8CHAR manufacturerID[32]; /* blank padded */ 133 CK_FLAGS flags; 134 135 /* hardwareVersion and firmwareVersion are new for v2.0 */ 136 CK_VERSION hardwareVersion; /* version of hardware */ 137 CK_VERSION firmwareVersion; /* version of firmware */ 138 } CK_SLOT_INFO; 139 140 /* flags: bit flags that provide capabilities of the slot 141 * Bit Flag Mask Meaning 142 */ 143 #define CKF_TOKEN_PRESENT 0x00000001 /* a token is there */ 144 #define CKF_REMOVABLE_DEVICE 0x00000002 /* removable devices */ 145 #define CKF_HW_SLOT 0x00000004 /* hardware slot */ 146 147 typedef CK_SLOT_INFO CK_PTR CK_SLOT_INFO_PTR; 148 149 150 /* CK_TOKEN_INFO provides information about a token */ 151 typedef struct CK_TOKEN_INFO 152 { 153 /* label, manufacturerID, and model have been changed from 154 * CK_CHAR to CK_UTF8CHAR for v2.10 */ 155 CK_UTF8CHAR label[32]; /* blank padded */ 156 CK_UTF8CHAR manufacturerID[32]; /* blank padded */ 157 CK_UTF8CHAR model[16]; /* blank padded */ 158 CK_CHAR serialNumber[16]; /* blank padded */ 159 CK_FLAGS flags; /* see below */ 160 161 /* ulMaxSessionCount, ulSessionCount, ulMaxRwSessionCount, 162 * ulRwSessionCount, 
ulMaxPinLen, and ulMinPinLen have all been 163 * changed from CK_USHORT to CK_ULONG for v2.0 */ 164 CK_ULONG ulMaxSessionCount; /* max open sessions */ 165 CK_ULONG ulSessionCount; /* sess. now open */ 166 CK_ULONG ulMaxRwSessionCount; /* max R/W sessions */ 167 CK_ULONG ulRwSessionCount; /* R/W sess. now open */ 168 CK_ULONG ulMaxPinLen; /* in bytes */ 169 CK_ULONG ulMinPinLen; /* in bytes */ 170 CK_ULONG ulTotalPublicMemory; /* in bytes */ 171 CK_ULONG ulFreePublicMemory; /* in bytes */ 172 CK_ULONG ulTotalPrivateMemory; /* in bytes */ 173 CK_ULONG ulFreePrivateMemory; /* in bytes */ 174 175 /* hardwareVersion, firmwareVersion, and time are new for 176 * v2.0 */ 177 CK_VERSION hardwareVersion; /* version of hardware */ 178 CK_VERSION firmwareVersion; /* version of firmware */ 179 CK_CHAR utcTime[16]; /* time */ 180 } CK_TOKEN_INFO; 181 182 /* The flags parameter is defined as follows: 183 * Bit Flag Mask Meaning 184 */ 185 #define CKF_RNG 0x00000001 /* has random # 186 * generator */ 187 #define CKF_WRITE_PROTECTED 0x00000002 /* token is 188 * write- 189 * protected */ 190 #define CKF_LOGIN_REQUIRED 0x00000004 /* user must 191 * login */ 192 #define CKF_USER_PIN_INITIALIZED 0x00000008 /* normal user's 193 * PIN is set */ 194 195 /* CKF_RESTORE_KEY_NOT_NEEDED is new for v2.0. If it is set, 196 * that means that *every* time the state of cryptographic 197 * operations of a session is successfully saved, all keys 198 * needed to continue those operations are stored in the state */ 199 #define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020 200 201 /* CKF_CLOCK_ON_TOKEN is new for v2.0. If it is set, that means 202 * that the token has some sort of clock. The time on that 203 * clock is returned in the token info structure */ 204 #define CKF_CLOCK_ON_TOKEN 0x00000040 205 206 /* CKF_PROTECTED_AUTHENTICATION_PATH is new for v2.0. 
If it is 207 * set, that means that there is some way for the user to login 208 * without sending a PIN through the Cryptoki library itself */ 209 #define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100 210 211 /* CKF_DUAL_CRYPTO_OPERATIONS is new for v2.0. If it is true, 212 * that means that a single session with the token can perform 213 * dual simultaneous cryptographic operations (digest and 214 * encrypt; decrypt and digest; sign and encrypt; and decrypt 215 * and sign) */ 216 #define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200 217 218 /* CKF_TOKEN_INITIALIZED if new for v2.10. If it is true, the 219 * token has been initialized using C_InitializeToken or an 220 * equivalent mechanism outside the scope of PKCS #11. 221 * Calling C_InitializeToken when this flag is set will cause 222 * the token to be reinitialized. */ 223 #define CKF_TOKEN_INITIALIZED 0x00000400 224 225 /* CKF_SECONDARY_AUTHENTICATION if new for v2.10. If it is 226 * true, the token supports secondary authentication for 227 228 * private key objects. This flag is deprecated in v2.11 and 229 onwards. */ 230 #define CKF_SECONDARY_AUTHENTICATION 0x00000800 231 232 /* CKF_USER_PIN_COUNT_LOW if new for v2.10. If it is true, an 233 * incorrect user login PIN has been entered at least once 234 * since the last successful authentication. */ 235 #define CKF_USER_PIN_COUNT_LOW 0x00010000 236 237 /* CKF_USER_PIN_FINAL_TRY if new for v2.10. If it is true, 238 * supplying an incorrect user PIN will it to become locked. */ 239 #define CKF_USER_PIN_FINAL_TRY 0x00020000 240 241 /* CKF_USER_PIN_LOCKED if new for v2.10. If it is true, the 242 * user PIN has been locked. User login to the token is not 243 * possible. */ 244 #define CKF_USER_PIN_LOCKED 0x00040000 245 246 /* CKF_USER_PIN_TO_BE_CHANGED if new for v2.10. If it is true, 247 * the user PIN value is the default value set by token 248 * initialization or manufacturing, or the PIN has been 249 * expired by the card. 
*/ 250 #define CKF_USER_PIN_TO_BE_CHANGED 0x00080000 251 252 /* CKF_SO_PIN_COUNT_LOW if new for v2.10. If it is true, an 253 * incorrect SO login PIN has been entered at least once since 254 * the last successful authentication. */ 255 #define CKF_SO_PIN_COUNT_LOW 0x00100000 256 257 /* CKF_SO_PIN_FINAL_TRY if new for v2.10. If it is true, 258 * supplying an incorrect SO PIN will it to become locked. */ 259 #define CKF_SO_PIN_FINAL_TRY 0x00200000 260 261 /* CKF_SO_PIN_LOCKED if new for v2.10. If it is true, the SO 262 * PIN has been locked. SO login to the token is not possible. 263 */ 264 #define CKF_SO_PIN_LOCKED 0x00400000 265 266 /* CKF_SO_PIN_TO_BE_CHANGED if new for v2.10. If it is true, 267 * the SO PIN value is the default value set by token 268 * initialization or manufacturing, or the PIN has been 269 * expired by the card. */ 270 #define CKF_SO_PIN_TO_BE_CHANGED 0x00800000 271 272 typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR; 273 274 275 /* CK_SESSION_HANDLE is a Cryptoki-assigned value that 276 * identifies a session */ 277 typedef CK_ULONG CK_SESSION_HANDLE; 278 279 typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR; 280 281 282 283 /* CK_USER_TYPE enumerates the types of Cryptoki users */ 284 285 /* CK_USER_TYPE has been changed from an enum to a CK_ULONG for 286 * v2.0 */ 287 typedef CK_ULONG CK_USER_TYPE; 288 289 /* Security Officer */ 290 #define CKU_SO 0 291 292 /* Normal user */ 293 #define CKU_USER 1 294 295 /* Context specific (added in v2.20) */ 296 #define CKU_CONTEXT_SPECIFIC 2 297 298 /* CK_STATE enumerates the session states */ 299 300 /* CK_STATE has been changed from an enum to a CK_ULONG for 301 * v2.0 */ 302 typedef CK_ULONG CK_STATE; 303 304 #define CKS_RO_PUBLIC_SESSION 0 305 #define CKS_RO_USER_FUNCTIONS 1 306 #define CKS_RW_PUBLIC_SESSION 2 307 #define CKS_RW_USER_FUNCTIONS 3 308 #define CKS_RW_SO_FUNCTIONS 4 309 310 311 /* CK_SESSION_INFO provides information about a session */ 312 typedef struct CK_SESSION_INFO 313 { 314 
CK_SLOT_ID slotID; 315 CK_STATE state; 316 CK_FLAGS flags; /* see below */ 317 318 /* ulDeviceError was changed from CK_USHORT to CK_ULONG for 319 * v2.0 */ 320 CK_ULONG ulDeviceError; /* device-dependent error code */ 321 } CK_SESSION_INFO; 322 323 /* The flags are defined in the following table: 324 * Bit Flag Mask Meaning 325 */ 326 #define CKF_RW_SESSION 0x00000002 /* session is r/w */ 327 #define CKF_SERIAL_SESSION 0x00000004 /* no parallel */ 328 329 typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR; 330 331 332 /* CK_OBJECT_HANDLE is a token-specific identifier for an 333 * object */ 334 typedef CK_ULONG CK_OBJECT_HANDLE; 335 336 typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR; 337 338 339 /* CK_OBJECT_CLASS is a value that identifies the classes (or 340 * types) of objects that Cryptoki recognizes. It is defined 341 * as follows: */ 342 343 /* CK_OBJECT_CLASS was changed from CK_USHORT to CK_ULONG for 344 * v2.0 */ 345 typedef CK_ULONG CK_OBJECT_CLASS; 346 347 /* The following classes of objects are defined: */ 348 349 /* CKO_HW_FEATURE is new for v2.10 */ 350 351 /* CKO_DOMAIN_PARAMETERS is new for v2.11 */ 352 353 /* CKO_MECHANISM is new for v2.20 */ 354 #define CKO_DATA 0x00000000 355 #define CKO_CERTIFICATE 0x00000001 356 #define CKO_PUBLIC_KEY 0x00000002 357 #define CKO_PRIVATE_KEY 0x00000003 358 #define CKO_SECRET_KEY 0x00000004 359 #define CKO_HW_FEATURE 0x00000005 360 #define CKO_DOMAIN_PARAMETERS 0x00000006 361 #define CKO_MECHANISM 0x00000007 362 #define CKO_VENDOR_DEFINED 0x80000000 363 364 typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR; 365 366 /* CK_HW_FEATURE_TYPE is new for v2.10. CK_HW_FEATURE_TYPE is a 367 * value that identifies the hardware feature type of an object 368 * with CK_OBJECT_CLASS equal to CKO_HW_FEATURE. 
*/ 369 typedef CK_ULONG CK_HW_FEATURE_TYPE; 370 371 /* The following hardware feature types are defined */ 372 373 /* CKH_USER_INTERFACE is new for v2.20 */ 374 #define CKH_MONOTONIC_COUNTER 0x00000001 375 #define CKH_CLOCK 0x00000002 376 #define CKH_USER_INTERFACE 0x00000003 377 #define CKH_VENDOR_DEFINED 0x80000000 378 379 /* CK_KEY_TYPE is a value that identifies a key type */ 380 381 /* CK_KEY_TYPE was changed from CK_USHORT to CK_ULONG for v2.0 */ 382 typedef CK_ULONG CK_KEY_TYPE; 383 384 /* the following key types are defined: */ 385 #define CKK_RSA 0x00000000 386 #define CKK_DSA 0x00000001 387 #define CKK_DH 0x00000002 388 389 /* CKK_ECDSA and CKK_KEA are new for v2.0 */ 390 391 /* CKK_ECDSA is deprecated in v2.11, CKK_EC is preferred. */ 392 #define CKK_ECDSA 0x00000003 393 #define CKK_EC 0x00000003 394 #define CKK_X9_42_DH 0x00000004 395 #define CKK_KEA 0x00000005 396 397 #define CKK_GENERIC_SECRET 0x00000010 398 #define CKK_RC2 0x00000011 399 #define CKK_RC4 0x00000012 400 #define CKK_DES 0x00000013 401 #define CKK_DES2 0x00000014 402 #define CKK_DES3 0x00000015 403 404 /* all these key types are new for v2.0 */ 405 #define CKK_CAST 0x00000016 406 #define CKK_CAST3 0x00000017 407 408 /* CKK_CAST5 is deprecated in v2.11, CKK_CAST128 is preferred. 
*/ 409 #define CKK_CAST5 0x00000018 410 #define CKK_CAST128 0x00000018 411 #define CKK_RC5 0x00000019 412 #define CKK_IDEA 0x0000001A 413 #define CKK_SKIPJACK 0x0000001B 414 #define CKK_BATON 0x0000001C 415 #define CKK_JUNIPER 0x0000001D 416 #define CKK_CDMF 0x0000001E 417 #define CKK_AES 0x0000001F 418 419 /* BlowFish and TwoFish are new for v2.20 */ 420 #define CKK_BLOWFISH 0x00000020 421 #define CKK_TWOFISH 0x00000021 422 423 #define CKK_VENDOR_DEFINED 0x80000000 424 425 426 /* CK_CERTIFICATE_TYPE is a value that identifies a certificate 427 * type */ 428 429 /* CK_CERTIFICATE_TYPE was changed from CK_USHORT to CK_ULONG 430 * for v2.0 */ 431 typedef CK_ULONG CK_CERTIFICATE_TYPE; 432 433 /* The following certificate types are defined: */ 434 435 /* CKC_X_509_ATTR_CERT is new for v2.10 */ 436 437 /* CKC_WTLS is new for v2.20 */ 438 #define CKC_X_509 0x00000000 439 #define CKC_X_509_ATTR_CERT 0x00000001 440 #define CKC_WTLS 0x00000002 441 #define CKC_VENDOR_DEFINED 0x80000000 442 443 444 /* CK_ATTRIBUTE_TYPE is a value that identifies an attribute 445 * type */ 446 447 /* CK_ATTRIBUTE_TYPE was changed from CK_USHORT to CK_ULONG for 448 * v2.0 */ 449 typedef CK_ULONG CK_ATTRIBUTE_TYPE; 450 451 /* The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which 452 consists of an array of values. 
*/ 453 #define CKF_ARRAY_ATTRIBUTE 0x40000000 454 455 /* The following attribute types are defined: */ 456 #define CKA_CLASS 0x00000000 457 #define CKA_TOKEN 0x00000001 458 #define CKA_PRIVATE 0x00000002 459 #define CKA_LABEL 0x00000003 460 #define CKA_APPLICATION 0x00000010 461 #define CKA_VALUE 0x00000011 462 463 /* CKA_OBJECT_ID is new for v2.10 */ 464 #define CKA_OBJECT_ID 0x00000012 465 466 #define CKA_CERTIFICATE_TYPE 0x00000080 467 #define CKA_ISSUER 0x00000081 468 #define CKA_SERIAL_NUMBER 0x00000082 469 470 /* CKA_AC_ISSUER, CKA_OWNER, and CKA_ATTR_TYPES are new 471 * for v2.10 */ 472 #define CKA_AC_ISSUER 0x00000083 473 #define CKA_OWNER 0x00000084 474 #define CKA_ATTR_TYPES 0x00000085 475 476 /* CKA_TRUSTED is new for v2.11 */ 477 #define CKA_TRUSTED 0x00000086 478 479 /* CKA_CERTIFICATE_CATEGORY ... 480 * CKA_CHECK_VALUE are new for v2.20 */ 481 #define CKA_CERTIFICATE_CATEGORY 0x00000087 482 #define CKA_JAVA_MIDP_SECURITY_DOMAIN 0x00000088 483 #define CKA_URL 0x00000089 484 #define CKA_HASH_OF_SUBJECT_PUBLIC_KEY 0x0000008A 485 #define CKA_HASH_OF_ISSUER_PUBLIC_KEY 0x0000008B 486 #define CKA_CHECK_VALUE 0x00000090 487 488 #define CKA_KEY_TYPE 0x00000100 489 #define CKA_SUBJECT 0x00000101 490 #define CKA_ID 0x00000102 491 #define CKA_SENSITIVE 0x00000103 492 #define CKA_ENCRYPT 0x00000104 493 #define CKA_DECRYPT 0x00000105 494 #define CKA_WRAP 0x00000106 495 #define CKA_UNWRAP 0x00000107 496 #define CKA_SIGN 0x00000108 497 #define CKA_SIGN_RECOVER 0x00000109 498 #define CKA_VERIFY 0x0000010A 499 #define CKA_VERIFY_RECOVER 0x0000010B 500 #define CKA_DERIVE 0x0000010C 501 #define CKA_START_DATE 0x00000110 502 #define CKA_END_DATE 0x00000111 503 #define CKA_MODULUS 0x00000120 504 #define CKA_MODULUS_BITS 0x00000121 505 #define CKA_PUBLIC_EXPONENT 0x00000122 506 #define CKA_PRIVATE_EXPONENT 0x00000123 507 #define CKA_PRIME_1 0x00000124 508 #define CKA_PRIME_2 0x00000125 509 #define CKA_EXPONENT_1 0x00000126 510 #define CKA_EXPONENT_2 0x00000127 511 #define 
CKA_COEFFICIENT 0x00000128 512 #define CKA_PRIME 0x00000130 513 #define CKA_SUBPRIME 0x00000131 514 #define CKA_BASE 0x00000132 515 516 /* CKA_PRIME_BITS and CKA_SUB_PRIME_BITS are new for v2.11 */ 517 #define CKA_PRIME_BITS 0x00000133 518 #define CKA_SUBPRIME_BITS 0x00000134 519 #define CKA_SUB_PRIME_BITS CKA_SUBPRIME_BITS 520 521 /* (To retain backwards-compatibility) */ 522 523 #define CKA_VALUE_BITS 0x00000160 524 #define CKA_VALUE_LEN 0x00000161 525 526 /* CKA_EXTRACTABLE, CKA_LOCAL, CKA_NEVER_EXTRACTABLE, 527 * CKA_ALWAYS_SENSITIVE, CKA_MODIFIABLE, CKA_ECDSA_PARAMS, 528 * and CKA_EC_POINT are new for v2.0 */ 529 #define CKA_EXTRACTABLE 0x00000162 530 #define CKA_LOCAL 0x00000163 531 #define CKA_NEVER_EXTRACTABLE 0x00000164 532 #define CKA_ALWAYS_SENSITIVE 0x00000165 533 534 /* CKA_KEY_GEN_MECHANISM is new for v2.11 */ 535 #define CKA_KEY_GEN_MECHANISM 0x00000166 536 537 #define CKA_MODIFIABLE 0x00000170 538 539 /* CKA_ECDSA_PARAMS is deprecated in v2.11, 540 * CKA_EC_PARAMS is preferred. */ 541 #define CKA_ECDSA_PARAMS 0x00000180 542 #define CKA_EC_PARAMS 0x00000180 543 544 #define CKA_EC_POINT 0x00000181 545 546 /* CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS, 547 * are new for v2.10. Deprecated in v2.11 and onwards. */ 548 #define CKA_SECONDARY_AUTH 0x00000200 549 #define CKA_AUTH_PIN_FLAGS 0x00000201 550 551 /* CKA_ALWAYS_AUTHENTICATE ... 
552 * CKA_UNWRAP_TEMPLATE are new for v2.20 */ 553 #define CKA_ALWAYS_AUTHENTICATE 0x00000202 554 555 #define CKA_WRAP_WITH_TRUSTED 0x00000210 556 #define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000211) 557 #define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000212) 558 559 /* CKA_HW_FEATURE_TYPE, CKA_RESET_ON_INIT, and CKA_HAS_RESET 560 * are new for v2.10 */ 561 #define CKA_HW_FEATURE_TYPE 0x00000300 562 #define CKA_RESET_ON_INIT 0x00000301 563 #define CKA_HAS_RESET 0x00000302 564 565 /* The following attributes are new for v2.20 */ 566 #define CKA_PIXEL_X 0x00000400 567 #define CKA_PIXEL_Y 0x00000401 568 #define CKA_RESOLUTION 0x00000402 569 #define CKA_CHAR_ROWS 0x00000403 570 #define CKA_CHAR_COLUMNS 0x00000404 571 #define CKA_COLOR 0x00000405 572 #define CKA_BITS_PER_PIXEL 0x00000406 573 #define CKA_CHAR_SETS 0x00000480 574 #define CKA_ENCODING_METHODS 0x00000481 575 #define CKA_MIME_TYPES 0x00000482 576 #define CKA_MECHANISM_TYPE 0x00000500 577 #define CKA_REQUIRED_CMS_ATTRIBUTES 0x00000501 578 #define CKA_DEFAULT_CMS_ATTRIBUTES 0x00000502 579 #define CKA_SUPPORTED_CMS_ATTRIBUTES 0x00000503 580 #define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE|0x00000600) 581 582 #define CKA_VENDOR_DEFINED 0x80000000 583 584 585 /* CK_ATTRIBUTE is a structure that includes the type, length 586 * and value of an attribute */ 587 typedef struct CK_ATTRIBUTE 588 { 589 CK_ATTRIBUTE_TYPE type; 590 CK_VOID_PTR pValue; 591 592 /* ulValueLen went from CK_USHORT to CK_ULONG for v2.0 */ 593 CK_ULONG ulValueLen; /* in bytes */ 594 } CK_ATTRIBUTE; 595 596 typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR; 597 598 599 /* CK_DATE is a structure that defines a date */ 600 typedef struct CK_DATE 601 { 602 CK_CHAR year[4]; /* the year ("1900" - "9999") */ 603 CK_CHAR month[2]; /* the month ("01" - "12") */ 604 CK_CHAR day[2]; /* the day ("01" - "31") */ 605 } CK_DATE; 606 607 608 /* CK_MECHANISM_TYPE is a value that identifies a mechanism 609 * type */ 610 611 /* CK_MECHANISM_TYPE was 
changed from CK_USHORT to CK_ULONG for 612 * v2.0 */ 613 typedef CK_ULONG CK_MECHANISM_TYPE; 614 615 /* the following mechanism types are defined: */ 616 #define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000 617 #define CKM_RSA_PKCS 0x00000001 618 #define CKM_RSA_9796 0x00000002 619 #define CKM_RSA_X_509 0x00000003 620 621 /* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS 622 * are new for v2.0. They are mechanisms which hash and sign */ 623 #define CKM_MD2_RSA_PKCS 0x00000004 624 #define CKM_MD5_RSA_PKCS 0x00000005 625 #define CKM_SHA1_RSA_PKCS 0x00000006 626 627 /* CKM_RIPEMD128_RSA_PKCS, CKM_RIPEMD160_RSA_PKCS, and 628 * CKM_RSA_PKCS_OAEP are new for v2.10 */ 629 #define CKM_RIPEMD128_RSA_PKCS 0x00000007 630 #define CKM_RIPEMD160_RSA_PKCS 0x00000008 631 #define CKM_RSA_PKCS_OAEP 0x00000009 632 633 /* CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31, 634 * CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11 */ 635 #define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000A 636 #define CKM_RSA_X9_31 0x0000000B 637 #define CKM_SHA1_RSA_X9_31 0x0000000C 638 #define CKM_RSA_PKCS_PSS 0x0000000D 639 #define CKM_SHA1_RSA_PKCS_PSS 0x0000000E 640 641 #define CKM_DSA_KEY_PAIR_GEN 0x00000010 642 #define CKM_DSA 0x00000011 643 #define CKM_DSA_SHA1 0x00000012 644 #define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020 645 #define CKM_DH_PKCS_DERIVE 0x00000021 646 647 /* CKM_X9_42_DH_KEY_PAIR_GEN, CKM_X9_42_DH_DERIVE, 648 * CKM_X9_42_DH_HYBRID_DERIVE, and CKM_X9_42_MQV_DERIVE are new for 649 * v2.11 */ 650 #define CKM_X9_42_DH_KEY_PAIR_GEN 0x00000030 651 #define CKM_X9_42_DH_DERIVE 0x00000031 652 #define CKM_X9_42_DH_HYBRID_DERIVE 0x00000032 653 #define CKM_X9_42_MQV_DERIVE 0x00000033 654 655 /* CKM_SHA256/384/512 are new for v2.20 */ 656 #define CKM_SHA256_RSA_PKCS 0x00000040 657 #define CKM_SHA384_RSA_PKCS 0x00000041 658 #define CKM_SHA512_RSA_PKCS 0x00000042 659 #define CKM_SHA256_RSA_PKCS_PSS 0x00000043 660 #define CKM_SHA384_RSA_PKCS_PSS 0x00000044 661 #define 
CKM_SHA512_RSA_PKCS_PSS 0x00000045 662 663 #define CKM_RC2_KEY_GEN 0x00000100 664 #define CKM_RC2_ECB 0x00000101 665 #define CKM_RC2_CBC 0x00000102 666 #define CKM_RC2_MAC 0x00000103 667 668 /* CKM_RC2_MAC_GENERAL and CKM_RC2_CBC_PAD are new for v2.0 */ 669 #define CKM_RC2_MAC_GENERAL 0x00000104 670 #define CKM_RC2_CBC_PAD 0x00000105 671 672 #define CKM_RC4_KEY_GEN 0x00000110 673 #define CKM_RC4 0x00000111 674 #define CKM_DES_KEY_GEN 0x00000120 675 #define CKM_DES_ECB 0x00000121 676 #define CKM_DES_CBC 0x00000122 677 #define CKM_DES_MAC 0x00000123 678 679 /* CKM_DES_MAC_GENERAL and CKM_DES_CBC_PAD are new for v2.0 */ 680 #define CKM_DES_MAC_GENERAL 0x00000124 681 #define CKM_DES_CBC_PAD 0x00000125 682 683 #define CKM_DES2_KEY_GEN 0x00000130 684 #define CKM_DES3_KEY_GEN 0x00000131 685 #define CKM_DES3_ECB 0x00000132 686 #define CKM_DES3_CBC 0x00000133 687 #define CKM_DES3_MAC 0x00000134 688 689 /* CKM_DES3_MAC_GENERAL, CKM_DES3_CBC_PAD, CKM_CDMF_KEY_GEN, 690 * CKM_CDMF_ECB, CKM_CDMF_CBC, CKM_CDMF_MAC, 691 * CKM_CDMF_MAC_GENERAL, and CKM_CDMF_CBC_PAD are new for v2.0 */ 692 #define CKM_DES3_MAC_GENERAL 0x00000135 693 #define CKM_DES3_CBC_PAD 0x00000136 694 #define CKM_CDMF_KEY_GEN 0x00000140 695 #define CKM_CDMF_ECB 0x00000141 696 #define CKM_CDMF_CBC 0x00000142 697 #define CKM_CDMF_MAC 0x00000143 698 #define CKM_CDMF_MAC_GENERAL 0x00000144 699 #define CKM_CDMF_CBC_PAD 0x00000145 700 701 /* the following four DES mechanisms are new for v2.20 */ 702 #define CKM_DES_OFB64 0x00000150 703 #define CKM_DES_OFB8 0x00000151 704 #define CKM_DES_CFB64 0x00000152 705 #define CKM_DES_CFB8 0x00000153 706 707 #define CKM_MD2 0x00000200 708 709 /* CKM_MD2_HMAC and CKM_MD2_HMAC_GENERAL are new for v2.0 */ 710 #define CKM_MD2_HMAC 0x00000201 711 #define CKM_MD2_HMAC_GENERAL 0x00000202 712 713 #define CKM_MD5 0x00000210 714 715 /* CKM_MD5_HMAC and CKM_MD5_HMAC_GENERAL are new for v2.0 */ 716 #define CKM_MD5_HMAC 0x00000211 717 #define CKM_MD5_HMAC_GENERAL 0x00000212 718 719 #define 
CKM_SHA_1 0x00000220 720 721 /* CKM_SHA_1_HMAC and CKM_SHA_1_HMAC_GENERAL are new for v2.0 */ 722 #define CKM_SHA_1_HMAC 0x00000221 723 #define CKM_SHA_1_HMAC_GENERAL 0x00000222 724 725 /* CKM_RIPEMD128, CKM_RIPEMD128_HMAC, 726 * CKM_RIPEMD128_HMAC_GENERAL, CKM_RIPEMD160, CKM_RIPEMD160_HMAC, 727 * and CKM_RIPEMD160_HMAC_GENERAL are new for v2.10 */ 728 #define CKM_RIPEMD128 0x00000230 729 #define CKM_RIPEMD128_HMAC 0x00000231 730 #define CKM_RIPEMD128_HMAC_GENERAL 0x00000232 731 #define CKM_RIPEMD160 0x00000240 732 #define CKM_RIPEMD160_HMAC 0x00000241 733 #define CKM_RIPEMD160_HMAC_GENERAL 0x00000242 734 735 /* CKM_SHA256/384/512 are new for v2.20 */ 736 #define CKM_SHA256 0x00000250 737 #define CKM_SHA256_HMAC 0x00000251 738 #define CKM_SHA256_HMAC_GENERAL 0x00000252 739 #define CKM_SHA384 0x00000260 740 #define CKM_SHA384_HMAC 0x00000261 741 #define CKM_SHA384_HMAC_GENERAL 0x00000262 742 #define CKM_SHA512 0x00000270 743 #define CKM_SHA512_HMAC 0x00000271 744 #define CKM_SHA512_HMAC_GENERAL 0x00000272 745 746 /* All of the following mechanisms are new for v2.0 */ 747 748 /* Note that CAST128 and CAST5 are the same algorithm */ 749 #define CKM_CAST_KEY_GEN 0x00000300 750 #define CKM_CAST_ECB 0x00000301 751 #define CKM_CAST_CBC 0x00000302 752 #define CKM_CAST_MAC 0x00000303 753 #define CKM_CAST_MAC_GENERAL 0x00000304 754 #define CKM_CAST_CBC_PAD 0x00000305 755 #define CKM_CAST3_KEY_GEN 0x00000310 756 #define CKM_CAST3_ECB 0x00000311 757 #define CKM_CAST3_CBC 0x00000312 758 #define CKM_CAST3_MAC 0x00000313 759 #define CKM_CAST3_MAC_GENERAL 0x00000314 760 #define CKM_CAST3_CBC_PAD 0x00000315 761 #define CKM_CAST5_KEY_GEN 0x00000320 762 #define CKM_CAST128_KEY_GEN 0x00000320 763 #define CKM_CAST5_ECB 0x00000321 764 #define CKM_CAST128_ECB 0x00000321 765 #define CKM_CAST5_CBC 0x00000322 766 #define CKM_CAST128_CBC 0x00000322 767 #define CKM_CAST5_MAC 0x00000323 768 #define CKM_CAST128_MAC 0x00000323 769 #define CKM_CAST5_MAC_GENERAL 0x00000324 770 #define 
CKM_CAST128_MAC_GENERAL 0x00000324 771 #define CKM_CAST5_CBC_PAD 0x00000325 772 #define CKM_CAST128_CBC_PAD 0x00000325 773 #define CKM_RC5_KEY_GEN 0x00000330 774 #define CKM_RC5_ECB 0x00000331 775 #define CKM_RC5_CBC 0x00000332 776 #define CKM_RC5_MAC 0x00000333 777 #define CKM_RC5_MAC_GENERAL 0x00000334 778 #define CKM_RC5_CBC_PAD 0x00000335 779 #define CKM_IDEA_KEY_GEN 0x00000340 780 #define CKM_IDEA_ECB 0x00000341 781 #define CKM_IDEA_CBC 0x00000342 782 #define CKM_IDEA_MAC 0x00000343 783 #define CKM_IDEA_MAC_GENERAL 0x00000344 784 #define CKM_IDEA_CBC_PAD 0x00000345 785 #define CKM_GENERIC_SECRET_KEY_GEN 0x00000350 786 #define CKM_CONCATENATE_BASE_AND_KEY 0x00000360 787 #define CKM_CONCATENATE_BASE_AND_DATA 0x00000362 788 #define CKM_CONCATENATE_DATA_AND_BASE 0x00000363 789 #define CKM_XOR_BASE_AND_DATA 0x00000364 790 #define CKM_EXTRACT_KEY_FROM_KEY 0x00000365 791 #define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370 792 #define CKM_SSL3_MASTER_KEY_DERIVE 0x00000371 793 #define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372 794 795 /* CKM_SSL3_MASTER_KEY_DERIVE_DH, CKM_TLS_PRE_MASTER_KEY_GEN, 796 * CKM_TLS_MASTER_KEY_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE, and 797 * CKM_TLS_MASTER_KEY_DERIVE_DH are new for v2.11 */ 798 #define CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373 799 #define CKM_TLS_PRE_MASTER_KEY_GEN 0x00000374 800 #define CKM_TLS_MASTER_KEY_DERIVE 0x00000375 801 #define CKM_TLS_KEY_AND_MAC_DERIVE 0x00000376 802 #define CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377 803 804 /* CKM_TLS_PRF is new for v2.20 */ 805 #define CKM_TLS_PRF 0x00000378 806 807 #define CKM_SSL3_MD5_MAC 0x00000380 808 #define CKM_SSL3_SHA1_MAC 0x00000381 809 #define CKM_MD5_KEY_DERIVATION 0x00000390 810 #define CKM_MD2_KEY_DERIVATION 0x00000391 811 #define CKM_SHA1_KEY_DERIVATION 0x00000392 812 813 /* CKM_SHA256/384/512 are new for v2.20 */ 814 #define CKM_SHA256_KEY_DERIVATION 0x00000393 815 #define CKM_SHA384_KEY_DERIVATION 0x00000394 816 #define CKM_SHA512_KEY_DERIVATION 0x00000395 817 818 #define 
CKM_PBE_MD2_DES_CBC 0x000003A0 819 #define CKM_PBE_MD5_DES_CBC 0x000003A1 820 #define CKM_PBE_MD5_CAST_CBC 0x000003A2 821 #define CKM_PBE_MD5_CAST3_CBC 0x000003A3 822 #define CKM_PBE_MD5_CAST5_CBC 0x000003A4 823 #define CKM_PBE_MD5_CAST128_CBC 0x000003A4 824 #define CKM_PBE_SHA1_CAST5_CBC 0x000003A5 825 #define CKM_PBE_SHA1_CAST128_CBC 0x000003A5 826 #define CKM_PBE_SHA1_RC4_128 0x000003A6 827 #define CKM_PBE_SHA1_RC4_40 0x000003A7 828 #define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8 829 #define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9 830 #define CKM_PBE_SHA1_RC2_128_CBC 0x000003AA 831 #define CKM_PBE_SHA1_RC2_40_CBC 0x000003AB 832 833 /* CKM_PKCS5_PBKD2 is new for v2.10 */ 834 #define CKM_PKCS5_PBKD2 0x000003B0 835 836 #define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0 837 838 /* WTLS mechanisms are new for v2.20 */ 839 #define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003D0 840 #define CKM_WTLS_MASTER_KEY_DERIVE 0x000003D1 841 #define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC 0x000003D2 842 #define CKM_WTLS_PRF 0x000003D3 843 #define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4 844 #define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5 845 846 #define CKM_KEY_WRAP_LYNKS 0x00000400 847 #define CKM_KEY_WRAP_SET_OAEP 0x00000401 848 849 /* CKM_CMS_SIG is new for v2.20 */ 850 #define CKM_CMS_SIG 0x00000500 851 852 /* Fortezza mechanisms */ 853 #define CKM_SKIPJACK_KEY_GEN 0x00001000 854 #define CKM_SKIPJACK_ECB64 0x00001001 855 #define CKM_SKIPJACK_CBC64 0x00001002 856 #define CKM_SKIPJACK_OFB64 0x00001003 857 #define CKM_SKIPJACK_CFB64 0x00001004 858 #define CKM_SKIPJACK_CFB32 0x00001005 859 #define CKM_SKIPJACK_CFB16 0x00001006 860 #define CKM_SKIPJACK_CFB8 0x00001007 861 #define CKM_SKIPJACK_WRAP 0x00001008 862 #define CKM_SKIPJACK_PRIVATE_WRAP 0x00001009 863 #define CKM_SKIPJACK_RELAYX 0x0000100a 864 #define CKM_KEA_KEY_PAIR_GEN 0x00001010 865 #define CKM_KEA_KEY_DERIVE 0x00001011 866 #define CKM_FORTEZZA_TIMESTAMP 0x00001020 867 #define CKM_BATON_KEY_GEN 0x00001030 868 #define 
CKM_BATON_ECB128 0x00001031 869 #define CKM_BATON_ECB96 0x00001032 870 #define CKM_BATON_CBC128 0x00001033 871 #define CKM_BATON_COUNTER 0x00001034 872 #define CKM_BATON_SHUFFLE 0x00001035 873 #define CKM_BATON_WRAP 0x00001036 874 875 /* CKM_ECDSA_KEY_PAIR_GEN is deprecated in v2.11, 876 * CKM_EC_KEY_PAIR_GEN is preferred */ 877 #define CKM_ECDSA_KEY_PAIR_GEN 0x00001040 878 #define CKM_EC_KEY_PAIR_GEN 0x00001040 879 880 #define CKM_ECDSA 0x00001041 881 #define CKM_ECDSA_SHA1 0x00001042 882 883 /* CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE, and CKM_ECMQV_DERIVE 884 * are new for v2.11 */ 885 #define CKM_ECDH1_DERIVE 0x00001050 886 #define CKM_ECDH1_COFACTOR_DERIVE 0x00001051 887 #define CKM_ECMQV_DERIVE 0x00001052 888 889 #define CKM_JUNIPER_KEY_GEN 0x00001060 890 #define CKM_JUNIPER_ECB128 0x00001061 891 #define CKM_JUNIPER_CBC128 0x00001062 892 #define CKM_JUNIPER_COUNTER 0x00001063 893 #define CKM_JUNIPER_SHUFFLE 0x00001064 894 #define CKM_JUNIPER_WRAP 0x00001065 895 #define CKM_FASTHASH 0x00001070 896 897 /* CKM_AES_KEY_GEN, CKM_AES_ECB, CKM_AES_CBC, CKM_AES_MAC, 898 * CKM_AES_MAC_GENERAL, CKM_AES_CBC_PAD, CKM_DSA_PARAMETER_GEN, 899 * CKM_DH_PKCS_PARAMETER_GEN, and CKM_X9_42_DH_PARAMETER_GEN are 900 * new for v2.11 */ 901 #define CKM_AES_KEY_GEN 0x00001080 902 #define CKM_AES_ECB 0x00001081 903 #define CKM_AES_CBC 0x00001082 904 #define CKM_AES_MAC 0x00001083 905 #define CKM_AES_MAC_GENERAL 0x00001084 906 #define CKM_AES_CBC_PAD 0x00001085 907 908 /* BlowFish and TwoFish are new for v2.20 */ 909 #define CKM_BLOWFISH_KEY_GEN 0x00001090 910 #define CKM_BLOWFISH_CBC 0x00001091 911 #define CKM_TWOFISH_KEY_GEN 0x00001092 912 #define CKM_TWOFISH_CBC 0x00001093 913 914 915 /* CKM_xxx_ENCRYPT_DATA mechanisms are new for v2.20 */ 916 #define CKM_DES_ECB_ENCRYPT_DATA 0x00001100 917 #define CKM_DES_CBC_ENCRYPT_DATA 0x00001101 918 #define CKM_DES3_ECB_ENCRYPT_DATA 0x00001102 919 #define CKM_DES3_CBC_ENCRYPT_DATA 0x00001103 920 #define CKM_AES_ECB_ENCRYPT_DATA 0x00001104 
#define CKM_AES_CBC_ENCRYPT_DATA       0x00001105

#define CKM_DSA_PARAMETER_GEN          0x00002000
#define CKM_DH_PKCS_PARAMETER_GEN      0x00002001
#define CKM_X9_42_DH_PARAMETER_GEN     0x00002002

/* By its name, this value marks where vendor-defined mechanism types
 * begin. NOTE(review): such values are library-specific, so code that
 * accepts them should be tied to one known token or library. */
#define CKM_VENDOR_DEFINED             0x80000000

typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR;


/* CK_MECHANISM is a structure that specifies a particular
 * mechanism.
 *
 * pParameter is an untyped pointer and ulParameterLen gives its size in
 * bytes, so the structure carries no type information about the
 * parameter block it points to.
 * NOTE(review): code that receives a CK_MECHANISM should compare
 * ulParameterLen with the size of the parameter structure it expects
 * for `mechanism` before dereferencing pParameter. */
typedef struct CK_MECHANISM
{
    CK_MECHANISM_TYPE mechanism;
    CK_VOID_PTR pParameter;

    /* ulParameterLen was changed from CK_USHORT to CK_ULONG for
     * v2.0 */
    CK_ULONG ulParameterLen;    /* in bytes */
} CK_MECHANISM;

typedef CK_MECHANISM CK_PTR CK_MECHANISM_PTR;


/* CK_MECHANISM_INFO provides information about a particular
 * mechanism.
 *
 * NOTE(review): this header does not state the unit of ulMinKeySize and
 * ulMaxKeySize (bits or bytes); check the mechanism's definition in the
 * PKCS #11 specification before comparing them with a key-length
 * policy. */
typedef struct CK_MECHANISM_INFO
{
    CK_ULONG ulMinKeySize;
    CK_ULONG ulMaxKeySize;
    CK_FLAGS flags;             /* combination of the CKF_ masks below */
} CK_MECHANISM_INFO;

/* The flags are defined as follows:
 *      Bit Flag               Mask        Meaning */
#define CKF_HW                 0x00000001  /* performed by HW */

/* The flags CKF_ENCRYPT, CKF_DECRYPT, CKF_DIGEST, CKF_SIGN,
 * CKF_SIGN_RECOVER, CKF_VERIFY, CKF_VERIFY_RECOVER,
 * CKF_GENERATE, CKF_GENERATE_KEY_PAIR, CKF_WRAP, CKF_UNWRAP,
 * and CKF_DERIVE are new for v2.0.  They specify whether or not
 * a mechanism can be used for a particular task */
#define CKF_ENCRYPT            0x00000100
#define CKF_DECRYPT            0x00000200
#define CKF_DIGEST             0x00000400
#define CKF_SIGN               0x00000800
#define CKF_SIGN_RECOVER       0x00001000
#define CKF_VERIFY             0x00002000
#define CKF_VERIFY_RECOVER     0x00004000
#define CKF_GENERATE           0x00008000
#define CKF_GENERATE_KEY_PAIR  0x00010000
#define CKF_WRAP               0x00020000
#define CKF_UNWRAP             0x00040000
#define CKF_DERIVE             0x00080000

/* CKF_EC_F_P, CKF_EC_F_2M, CKF_EC_ECPARAMETERS, CKF_EC_NAMEDCURVE,
 * CKF_EC_UNCOMPRESS, and CKF_EC_COMPRESS are new for v2.11. They
 * describe a token's EC capabilities not available in mechanism
 * information. */
#define CKF_EC_F_P             0x00100000
#define CKF_EC_F_2M            0x00200000
#define CKF_EC_ECPARAMETERS    0x00400000
#define CKF_EC_NAMEDCURVE      0x00800000
#define CKF_EC_UNCOMPRESS      0x01000000
#define CKF_EC_COMPRESS        0x02000000

#define CKF_EXTENSION          0x80000000  /* FALSE for this version */

typedef CK_MECHANISM_INFO CK_PTR CK_MECHANISM_INFO_PTR;


/* CK_RV is a value that identifies the return value of a
 * Cryptoki function.
 *
 * CK_RV is an unsigned type (CK_ULONG) and CKR_OK is the only code
 * defined as zero, so callers test for equality with CKR_OK; a
 * `rv < 0` style check can never be true. */

/* CK_RV was changed from CK_USHORT to CK_ULONG for v2.0 */
typedef CK_ULONG CK_RV;

#define CKR_OK                                0x00000000
#define CKR_CANCEL                            0x00000001
#define CKR_HOST_MEMORY                       0x00000002
#define CKR_SLOT_ID_INVALID                   0x00000003

/* CKR_FLAGS_INVALID was removed for v2.0 */

/* CKR_GENERAL_ERROR and CKR_FUNCTION_FAILED are new for v2.0 */
#define CKR_GENERAL_ERROR                     0x00000005
#define CKR_FUNCTION_FAILED                   0x00000006

/* CKR_ARGUMENTS_BAD, CKR_NO_EVENT, CKR_NEED_TO_CREATE_THREADS,
 * and CKR_CANT_LOCK are new for v2.01 */
#define CKR_ARGUMENTS_BAD                     0x00000007
#define CKR_NO_EVENT                          0x00000008
#define CKR_NEED_TO_CREATE_THREADS            0x00000009
#define CKR_CANT_LOCK                         0x0000000A

#define CKR_ATTRIBUTE_READ_ONLY               0x00000010
#define CKR_ATTRIBUTE_SENSITIVE               0x00000011
#define CKR_ATTRIBUTE_TYPE_INVALID            0x00000012
#define CKR_ATTRIBUTE_VALUE_INVALID           0x00000013
#define CKR_DATA_INVALID                      0x00000020
#define CKR_DATA_LEN_RANGE                    0x00000021
#define CKR_DEVICE_ERROR                      0x00000030

#define CKR_DEVICE_MEMORY                     0x00000031
#define CKR_DEVICE_REMOVED                    0x00000032
#define CKR_ENCRYPTED_DATA_INVALID            0x00000040
#define CKR_ENCRYPTED_DATA_LEN_RANGE          0x00000041
#define CKR_FUNCTION_CANCELED                 0x00000050
#define CKR_FUNCTION_NOT_PARALLEL             0x00000051

/* CKR_FUNCTION_NOT_SUPPORTED is new for v2.0 */
#define CKR_FUNCTION_NOT_SUPPORTED            0x00000054

#define CKR_KEY_HANDLE_INVALID                0x00000060

/* CKR_KEY_SENSITIVE was removed for v2.0 */

#define CKR_KEY_SIZE_RANGE                    0x00000062
#define CKR_KEY_TYPE_INCONSISTENT             0x00000063

/* CKR_KEY_NOT_NEEDED, CKR_KEY_CHANGED, CKR_KEY_NEEDED,
 * CKR_KEY_INDIGESTIBLE, CKR_KEY_FUNCTION_NOT_PERMITTED,
 * CKR_KEY_NOT_WRAPPABLE, and CKR_KEY_UNEXTRACTABLE are new for
 * v2.0 */
#define CKR_KEY_NOT_NEEDED                    0x00000064
#define CKR_KEY_CHANGED                       0x00000065
#define CKR_KEY_NEEDED                        0x00000066
#define CKR_KEY_INDIGESTIBLE                  0x00000067
#define CKR_KEY_FUNCTION_NOT_PERMITTED        0x00000068
#define CKR_KEY_NOT_WRAPPABLE                 0x00000069
#define CKR_KEY_UNEXTRACTABLE                 0x0000006A

#define CKR_MECHANISM_INVALID                 0x00000070
#define CKR_MECHANISM_PARAM_INVALID           0x00000071

/* CKR_OBJECT_CLASS_INCONSISTENT and CKR_OBJECT_CLASS_INVALID
 * were removed for v2.0 */
#define CKR_OBJECT_HANDLE_INVALID             0x00000082
#define CKR_OPERATION_ACTIVE                  0x00000090
#define CKR_OPERATION_NOT_INITIALIZED         0x00000091

/* PIN-related results.
 * NOTE(review): the presence of CKR_PIN_LOCKED suggests a token can lock
 * a PIN; callers should not retry automatically on CKR_PIN_INCORRECT
 * without knowing the token's retry policy. */
#define CKR_PIN_INCORRECT                     0x000000A0
#define CKR_PIN_INVALID                       0x000000A1
#define CKR_PIN_LEN_RANGE                     0x000000A2

/* CKR_PIN_EXPIRED and CKR_PIN_LOCKED are new for v2.0 */
#define CKR_PIN_EXPIRED                       0x000000A3
#define CKR_PIN_LOCKED                        0x000000A4

#define CKR_SESSION_CLOSED                    0x000000B0
#define CKR_SESSION_COUNT                     0x000000B1
#define CKR_SESSION_HANDLE_INVALID            0x000000B3
#define CKR_SESSION_PARALLEL_NOT_SUPPORTED    0x000000B4
#define CKR_SESSION_READ_ONLY                 0x000000B5
#define CKR_SESSION_EXISTS                    0x000000B6

/* CKR_SESSION_READ_ONLY_EXISTS and
 * CKR_SESSION_READ_WRITE_SO_EXISTS are new for v2.0 */
#define CKR_SESSION_READ_ONLY_EXISTS          0x000000B7
#define CKR_SESSION_READ_WRITE_SO_EXISTS      0x000000B8

/* NOTE(review): a verification caller should treat every result other
 * than CKR_OK as a failed verification, not only the two codes below. */
#define CKR_SIGNATURE_INVALID                 0x000000C0
#define CKR_SIGNATURE_LEN_RANGE               0x000000C1
#define CKR_TEMPLATE_INCOMPLETE               0x000000D0
#define CKR_TEMPLATE_INCONSISTENT             0x000000D1
#define CKR_TOKEN_NOT_PRESENT                 0x000000E0
#define CKR_TOKEN_NOT_RECOGNIZED              0x000000E1
#define CKR_TOKEN_WRITE_PROTECTED             0x000000E2
#define CKR_UNWRAPPING_KEY_HANDLE_INVALID     0x000000F0
#define CKR_UNWRAPPING_KEY_SIZE_RANGE         0x000000F1
#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT  0x000000F2
#define CKR_USER_ALREADY_LOGGED_IN            0x00000100
#define CKR_USER_NOT_LOGGED_IN                0x00000101
#define CKR_USER_PIN_NOT_INITIALIZED          0x00000102
#define CKR_USER_TYPE_INVALID                 0x00000103

/* CKR_USER_ANOTHER_ALREADY_LOGGED_IN and CKR_USER_TOO_MANY_TYPES
 * are new to v2.01 */
#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN    0x00000104
#define CKR_USER_TOO_MANY_TYPES               0x00000105

#define CKR_WRAPPED_KEY_INVALID               0x00000110
#define CKR_WRAPPED_KEY_LEN_RANGE             0x00000112
#define CKR_WRAPPING_KEY_HANDLE_INVALID       0x00000113
#define CKR_WRAPPING_KEY_SIZE_RANGE           0x00000114
#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT    0x00000115
#define CKR_RANDOM_SEED_NOT_SUPPORTED         0x00000120

/* These are new to v2.0 */
#define CKR_RANDOM_NO_RNG                     0x00000121

/* These are new to v2.11 */
#define CKR_DOMAIN_PARAMS_INVALID             0x00000130

/* These are new to v2.0 */
/* NOTE(review): CKR_BUFFER_TOO_SMALL presumably reports a caller-supplied
 * output buffer that is too short; confirm how the required length is
 * reported before sizing a retry. */
#define CKR_BUFFER_TOO_SMALL                  0x00000150
#define CKR_SAVED_STATE_INVALID               0x00000160
#define CKR_INFORMATION_SENSITIVE             0x00000170
#define CKR_STATE_UNSAVEABLE                  0x00000180

/* These are new to v2.01 */
#define CKR_CRYPTOKI_NOT_INITIALIZED          0x00000190
#define CKR_CRYPTOKI_ALREADY_INITIALIZED      0x00000191
#define CKR_MUTEX_BAD                         0x000001A0
#define CKR_MUTEX_NOT_LOCKED                  0x000001A1

/* This is new to v2.20 */
#define CKR_FUNCTION_REJECTED                 0x00000200

/* By its name, this value marks where vendor-defined return codes begin;
 * a caller that switches on CK_RV needs a default branch for them. */
#define CKR_VENDOR_DEFINED                    0x80000000


/* CK_NOTIFY is an application callback that processes events */
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_NOTIFY) (
    CK_SESSION_HANDLE hSession,     /* the session's handle */
    CK_NOTIFICATION event,
    CK_VOID_PTR pApplication        /* passed to C_OpenSession */
);


/* CK_FUNCTION_LIST is a structure holding a Cryptoki spec
 * version and pointers of appropriate types to all the
 * Cryptoki functions.  Only the incomplete type is declared here;
 * its members are defined elsewhere. */

/* CK_FUNCTION_LIST is new for v2.0 */
typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST;

typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR;

typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR;


/* CK_CREATEMUTEX is an application callback for creating a
 * mutex object */
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_CREATEMUTEX) (
    CK_VOID_PTR_PTR ppMutex         /* location to receive ptr to mutex */
);


/* CK_DESTROYMUTEX is an application callback for destroying a
 * mutex object */
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_DESTROYMUTEX) (
    CK_VOID_PTR pMutex              /* pointer to mutex */
);


/* CK_LOCKMUTEX is an application callback for locking a mutex */
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_LOCKMUTEX) (
    CK_VOID_PTR pMutex              /* pointer to mutex */
);


/* CK_UNLOCKMUTEX is an application callback for unlocking a
 * mutex */
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_UNLOCKMUTEX) (
    CK_VOID_PTR pMutex              /* pointer to mutex */
);


/* CK_C_INITIALIZE_ARGS provides the optional arguments to
 * C_Initialize.
 *
 * The first four members are the application-supplied mutex callbacks
 * whose types are declared above; the library calls through these
 * pointers, so they must stay valid for as long as the library may use
 * them.
 * NOTE(review): pReserved is presumably required to be NULL -- confirm
 * against the PKCS #11 specification. */
typedef struct CK_C_INITIALIZE_ARGS
{
    CK_CREATEMUTEX CreateMutex;
    CK_DESTROYMUTEX DestroyMutex;
    CK_LOCKMUTEX LockMutex;
    CK_UNLOCKMUTEX UnlockMutex;
    CK_FLAGS flags;
    CK_VOID_PTR pReserved;
} CK_C_INITIALIZE_ARGS;

/* flags: bit flags for CK_C_INITIALIZE_ARGS.flags.
 * (The original comment calls them capabilities of the slot; going by
 * their names they concern thread creation and locking -- confirm
 * against the PKCS #11 specification.)
 *      Bit Flag                           Mask       Meaning
 */
#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001
#define CKF_OS_LOCKING_OK                  0x00000002

typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR;


/* additional flags for parameters to functions */

/* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */
#define CKF_DONT_BLOCK     1

/* CK_RSA_PKCS_OAEP_MGF_TYPE is new for v2.10.
 * CK_RSA_PKCS_OAEP_MGF_TYPE is used to indicate the Mask
 * Generation Function (MGF) applied to a message block when
 * formatting a message block for the PKCS #1 OAEP encryption
 * scheme.  (The type is declared below under the shorter name
 * CK_RSA_PKCS_MGF_TYPE.) */
typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE;

typedef CK_RSA_PKCS_MGF_TYPE CK_PTR CK_RSA_PKCS_MGF_TYPE_PTR;

/* The following MGFs are defined */

/* CKG_MGF1_SHA256, CKG_MGF1_SHA384, and CKG_MGF1_SHA512
 * are new for v2.20 */
#define CKG_MGF1_SHA1         0x00000001
#define CKG_MGF1_SHA256       0x00000002
#define CKG_MGF1_SHA384       0x00000003
#define CKG_MGF1_SHA512       0x00000004

/* CK_RSA_PKCS_OAEP_SOURCE_TYPE is new for v2.10.
 * CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source
 * of the encoding parameter when formatting a message block
 * for the PKCS #1 OAEP encryption scheme. */
typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE;

typedef CK_RSA_PKCS_OAEP_SOURCE_TYPE CK_PTR CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR;

/* The following encoding parameter sources are defined */
#define CKZ_DATA_SPECIFIED    0x00000001

/* CK_RSA_PKCS_OAEP_PARAMS is new for v2.10.
 * CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the
 * CKM_RSA_PKCS_OAEP mechanism.
 *
 * hashAlg and mgf are separate fields: nothing in this structure ties
 * the hash used by the MGF to hashAlg, so a caller sets both
 * deliberately and both peers must agree on the pair. */
typedef struct CK_RSA_PKCS_OAEP_PARAMS
{
    CK_MECHANISM_TYPE hashAlg;
    CK_RSA_PKCS_MGF_TYPE mgf;               /* one of the CKG_MGF1_ values */
    CK_RSA_PKCS_OAEP_SOURCE_TYPE source;
    CK_VOID_PTR pSourceData;
    CK_ULONG ulSourceDataLen;
} CK_RSA_PKCS_OAEP_PARAMS;

typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR CK_RSA_PKCS_OAEP_PARAMS_PTR;

/* CK_RSA_PKCS_PSS_PARAMS is new for v2.11.
 * CK_RSA_PKCS_PSS_PARAMS provides the parameters to the
 * CKM_RSA_PKCS_PSS mechanism(s).
 *
 * As with OAEP, hashAlg and mgf are independent fields.
 * NOTE(review): sLen is presumably the salt length in bytes -- confirm
 * against the PKCS #11 specification. */
typedef struct CK_RSA_PKCS_PSS_PARAMS
{
    CK_MECHANISM_TYPE hashAlg;
    CK_RSA_PKCS_MGF_TYPE mgf;
    CK_ULONG sLen;
} CK_RSA_PKCS_PSS_PARAMS;

typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR;

/* CK_EC_KDF_TYPE is new for v2.11. */
typedef CK_ULONG CK_EC_KDF_TYPE;

/* The following EC Key Derivation Functions are defined.
 * NOTE(review): CKD_NULL presumably means that no derivation function
 * is applied to the shared secret -- confirm; where the token allows
 * it, a hashing KDF is the more conservative choice. */
#define CKD_NULL                 0x00000001
#define CKD_SHA1_KDF             0x00000002

/* CK_ECDH1_DERIVE_PARAMS is new for v2.11.
 * CK_ECDH1_DERIVE_PARAMS provides the parameters to the
 * CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms,
 * where each party contributes one key pair.
 *
 * Each buffer is passed as a length/pointer pair; the structure does
 * not own the memory the pointers refer to.
 */
typedef struct CK_ECDH1_DERIVE_PARAMS
{
    CK_EC_KDF_TYPE kdf;
    CK_ULONG ulSharedDataLen;
    CK_BYTE_PTR pSharedData;
    CK_ULONG ulPublicDataLen;
    CK_BYTE_PTR pPublicData;
} CK_ECDH1_DERIVE_PARAMS;

typedef CK_ECDH1_DERIVE_PARAMS CK_PTR CK_ECDH1_DERIVE_PARAMS_PTR;


/* CK_ECDH2_DERIVE_PARAMS is new for v2.11.
 * CK_ECDH2_DERIVE_PARAMS provides the parameters to the
 * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs.
 */
typedef struct CK_ECDH2_DERIVE_PARAMS
{
    CK_EC_KDF_TYPE kdf;
    CK_ULONG ulSharedDataLen;
    CK_BYTE_PTR pSharedData;
    CK_ULONG ulPublicDataLen;
    CK_BYTE_PTR pPublicData;
    CK_ULONG ulPrivateDataLen;
    CK_OBJECT_HANDLE hPrivateData;  /* an object handle, not raw key bytes */
    CK_ULONG ulPublicDataLen2;
    CK_BYTE_PTR pPublicData2;
} CK_ECDH2_DERIVE_PARAMS;

typedef CK_ECDH2_DERIVE_PARAMS CK_PTR CK_ECDH2_DERIVE_PARAMS_PTR;

/* CK_ECMQV_DERIVE_PARAMS has the same members as
 * CK_ECDH2_DERIVE_PARAMS followed by a trailing publicKey handle.
 * NOTE(review): presumably the parameter structure for
 * CKM_ECMQV_DERIVE -- confirm which of the two structures the target
 * library expects. */
typedef struct CK_ECMQV_DERIVE_PARAMS
{
    CK_EC_KDF_TYPE kdf;
    CK_ULONG ulSharedDataLen;
    CK_BYTE_PTR pSharedData;
    CK_ULONG ulPublicDataLen;
    CK_BYTE_PTR pPublicData;
    CK_ULONG ulPrivateDataLen;
    CK_OBJECT_HANDLE hPrivateData;
    CK_ULONG ulPublicDataLen2;
    CK_BYTE_PTR pPublicData2;
    CK_OBJECT_HANDLE publicKey;
} CK_ECMQV_DERIVE_PARAMS;

typedef CK_ECMQV_DERIVE_PARAMS CK_PTR CK_ECMQV_DERIVE_PARAMS_PTR;

/* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the
 * CKM_X9_42_DH_PARAMETER_GEN mechanisms (new for PKCS #11 v2.11) */
typedef CK_ULONG CK_X9_42_DH_KDF_TYPE;
typedef CK_X9_42_DH_KDF_TYPE CK_PTR CK_X9_42_DH_KDF_TYPE_PTR;

/* The following X9.42 DH key derivation functions are defined
 * (besides CKD_NULL, already defined above): */
#define CKD_SHA1_KDF_ASN1        0x00000003
#define CKD_SHA1_KDF_CONCATENATE 0x00000004

/* CK_X9_42_DH1_DERIVE_PARAMS is new for v2.11.
 * CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the
 * CKM_X9_42_DH_DERIVE key derivation mechanism, where each party
 * contributes one key pair */
typedef struct CK_X9_42_DH1_DERIVE_PARAMS
{
    CK_X9_42_DH_KDF_TYPE kdf;
    CK_ULONG ulOtherInfoLen;
    CK_BYTE_PTR pOtherInfo;
    CK_ULONG ulPublicDataLen;
    CK_BYTE_PTR pPublicData;
} CK_X9_42_DH1_DERIVE_PARAMS;

typedef struct CK_X9_42_DH1_DERIVE_PARAMS CK_PTR
    CK_X9_42_DH1_DERIVE_PARAMS_PTR;

/* CK_X9_42_DH2_DERIVE_PARAMS is new for v2.11.
 * CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the
 * CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation
 * mechanisms, where each party contributes two key pairs */
typedef struct CK_X9_42_DH2_DERIVE_PARAMS
{
    CK_X9_42_DH_KDF_TYPE kdf;
    CK_ULONG ulOtherInfoLen;
    CK_BYTE_PTR pOtherInfo;
    CK_ULONG ulPublicDataLen;
    CK_BYTE_PTR pPublicData;
    CK_ULONG ulPrivateDataLen;
    CK_OBJECT_HANDLE hPrivateData;
    CK_ULONG ulPublicDataLen2;
    CK_BYTE_PTR pPublicData2;
} CK_X9_42_DH2_DERIVE_PARAMS;

typedef CK_X9_42_DH2_DERIVE_PARAMS CK_PTR CK_X9_42_DH2_DERIVE_PARAMS_PTR;

/* CK_X9_42_MQV_DERIVE_PARAMS has the same members as
 * CK_X9_42_DH2_DERIVE_PARAMS followed by a trailing publicKey handle. */
typedef struct CK_X9_42_MQV_DERIVE_PARAMS
{
    CK_X9_42_DH_KDF_TYPE kdf;
    CK_ULONG ulOtherInfoLen;
    CK_BYTE_PTR pOtherInfo;
    CK_ULONG ulPublicDataLen;
    CK_BYTE_PTR pPublicData;
    CK_ULONG ulPrivateDataLen;
    CK_OBJECT_HANDLE hPrivateData;
    CK_ULONG ulPublicDataLen2;
    CK_BYTE_PTR pPublicData2;
    CK_OBJECT_HANDLE publicKey;
} CK_X9_42_MQV_DERIVE_PARAMS;

typedef CK_X9_42_MQV_DERIVE_PARAMS CK_PTR CK_X9_42_MQV_DERIVE_PARAMS_PTR;

/* CK_KEA_DERIVE_PARAMS provides the parameters to the
 * CKM_KEA_DERIVE mechanism.
 *
 * Only one length, ulRandomLen, is declared for the two buffers
 * pRandomA and pRandomB.
 * NOTE(review): presumably both buffers must be ulRandomLen bytes long
 * -- confirm before sizing them. */

/* CK_KEA_DERIVE_PARAMS is new for v2.0 */
typedef struct CK_KEA_DERIVE_PARAMS
{
    CK_BBOOL isSender;
    CK_ULONG ulRandomLen;
    CK_BYTE_PTR pRandomA;
    CK_BYTE_PTR pRandomB;
    CK_ULONG ulPublicDataLen;
    CK_BYTE_PTR pPublicData;
} CK_KEA_DERIVE_PARAMS;

typedef CK_KEA_DERIVE_PARAMS CK_PTR CK_KEA_DERIVE_PARAMS_PTR;


/* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and
 * CKM_RC2_MAC mechanisms.  An instance of CK_RC2_PARAMS just
 * holds the effective keysize */
typedef CK_ULONG CK_RC2_PARAMS;

typedef CK_RC2_PARAMS CK_PTR CK_RC2_PARAMS_PTR;


/* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC
 * mechanism.
 *
 * The documented range for ulEffectiveBits starts at 1 bit and nothing
 * in this structure enforces a minimum.
 * NOTE(review): callers with a key-strength policy should reject small
 * effective-bit values themselves. */
typedef struct CK_RC2_CBC_PARAMS
{
    /* ulEffectiveBits was changed from CK_USHORT to CK_ULONG for
     * v2.0 */
    CK_ULONG ulEffectiveBits;   /* effective bits (1-1024) */

    CK_BYTE iv[8];              /* IV for CBC mode */
} CK_RC2_CBC_PARAMS;

typedef CK_RC2_CBC_PARAMS CK_PTR CK_RC2_CBC_PARAMS_PTR;


/* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the
 * CKM_RC2_MAC_GENERAL mechanism */

/* CK_RC2_MAC_GENERAL_PARAMS is new for v2.0 */
typedef struct CK_RC2_MAC_GENERAL_PARAMS
{
    CK_ULONG ulEffectiveBits;   /* effective bits (1-1024) */
    CK_ULONG ulMacLength;       /* Length of MAC in bytes */
} CK_RC2_MAC_GENERAL_PARAMS;

typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR CK_RC2_MAC_GENERAL_PARAMS_PTR;


/* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and
 * CKM_RC5_MAC mechanisms */

/* CK_RC5_PARAMS is new for v2.0 */
typedef struct CK_RC5_PARAMS
{
    CK_ULONG ulWordsize;        /* wordsize in bits */
    CK_ULONG ulRounds;          /* number of rounds */
} CK_RC5_PARAMS;

typedef CK_RC5_PARAMS CK_PTR CK_RC5_PARAMS_PTR;


/* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC
 * mechanism */

/* CK_RC5_CBC_PARAMS is new for v2.0 */
typedef struct CK_RC5_CBC_PARAMS
{
    CK_ULONG ulWordsize;        /* wordsize in bits */
    CK_ULONG ulRounds;          /* number of rounds */
    CK_BYTE_PTR pIv;            /* pointer to IV */
    CK_ULONG ulIvLen;           /* length of IV in bytes */
} CK_RC5_CBC_PARAMS;

typedef CK_RC5_CBC_PARAMS CK_PTR CK_RC5_CBC_PARAMS_PTR;


/* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the
 * CKM_RC5_MAC_GENERAL mechanism */

/* CK_RC5_MAC_GENERAL_PARAMS is new for v2.0 */
typedef struct CK_RC5_MAC_GENERAL_PARAMS
{
    CK_ULONG ulWordsize;        /* wordsize in bits */
    CK_ULONG ulRounds;          /* number of rounds */
    CK_ULONG ulMacLength;       /* Length of MAC in bytes */
} CK_RC5_MAC_GENERAL_PARAMS;

typedef CK_RC5_MAC_GENERAL_PARAMS CK_PTR CK_RC5_MAC_GENERAL_PARAMS_PTR;


/* CK_MAC_GENERAL_PARAMS provides the parameters to most block
 * ciphers' MAC_GENERAL mechanisms.  Its value is the length of
 * the MAC.
 * NOTE(review): the caller chooses the MAC length, so a verifier should
 * fix the length it accepts instead of taking it from the peer. */

/* CK_MAC_GENERAL_PARAMS is new for v2.0 */
typedef CK_ULONG CK_MAC_GENERAL_PARAMS;

typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR;

/* CK_DES/AES_ECB/CBC_ENCRYPT_DATA_PARAMS are new for v2.20 */
/* The IV is embedded as a fixed 8-byte array; pData/length describe a
 * caller-owned buffer.
 * NOTE(review): length is presumably in bytes -- confirm. */
typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS
{
    CK_BYTE iv[8];
    CK_BYTE_PTR pData;
    CK_ULONG length;
} CK_DES_CBC_ENCRYPT_DATA_PARAMS;

typedef CK_DES_CBC_ENCRYPT_DATA_PARAMS CK_PTR
    CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR;

/* Same layout as the DES variant, with a 16-byte IV array. */
typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS
{
    CK_BYTE iv[16];
    CK_BYTE_PTR pData;
    CK_ULONG length;
} CK_AES_CBC_ENCRYPT_DATA_PARAMS;

typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS CK_PTR
    CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR;

/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the
 * CKM_SKIPJACK_PRIVATE_WRAP mechanism.
 *
 * ulPAndGLen is the only length declared for pPrimeP and pBaseG, and
 * ulQLen the only one for pSubprimeQ.  Note that the pointer typedef
 * below is named CK_SKIPJACK_PRIVATE_WRAP_PTR, without "_PARAMS". */

/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS is new for v2.0 */
typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS
{
    CK_ULONG ulPasswordLen;
    CK_BYTE_PTR pPassword;
    CK_ULONG ulPublicDataLen;
    CK_BYTE_PTR pPublicData;
    CK_ULONG ulPAndGLen;
    CK_ULONG ulQLen;
    CK_ULONG ulRandomLen;
    CK_BYTE_PTR pRandomA;
    CK_BYTE_PTR pPrimeP;
    CK_BYTE_PTR pBaseG;
    CK_BYTE_PTR pSubprimeQ;
} CK_SKIPJACK_PRIVATE_WRAP_PARAMS;

typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR CK_SKIPJACK_PRIVATE_WRAP_PTR;


/* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the
 * CKM_SKIPJACK_RELAYX mechanism.  Every buffer is passed as a
 * length/pointer pair, once for the "old" and once for the "new"
 * values. */

/* CK_SKIPJACK_RELAYX_PARAMS is new for v2.0 */
typedef struct CK_SKIPJACK_RELAYX_PARAMS
{
    CK_ULONG ulOldWrappedXLen;
    CK_BYTE_PTR pOldWrappedX;
    CK_ULONG ulOldPasswordLen;
    CK_BYTE_PTR pOldPassword;
    CK_ULONG ulOldPublicDataLen;
    CK_BYTE_PTR pOldPublicData;
    CK_ULONG ulOldRandomLen;
    CK_BYTE_PTR pOldRandomA;
    CK_ULONG ulNewPasswordLen;
    CK_BYTE_PTR pNewPassword;
    CK_ULONG ulNewPublicDataLen;
    CK_BYTE_PTR pNewPublicData;
    CK_ULONG ulNewRandomLen;
    CK_BYTE_PTR pNewRandomA;
} CK_SKIPJACK_RELAYX_PARAMS;

typedef CK_SKIPJACK_RELAYX_PARAMS CK_PTR CK_SKIPJACK_RELAYX_PARAMS_PTR;


/* CK_PBE_PARAMS carries a password, a salt and an iteration count,
 * plus pInitVector, for which no length member is declared.
 * NOTE(review): presumably the parameter structure for the CKM_PBE_
 * mechanisms -- confirm.  The header sets no minimum for ulIteration or
 * ulSaltLen, so the caller's policy has to; the buffer behind pPassword
 * should be cleared once the operation has completed. */
typedef struct CK_PBE_PARAMS
{
    CK_BYTE_PTR pInitVector;
    CK_UTF8CHAR_PTR pPassword;
    CK_ULONG ulPasswordLen;
    CK_BYTE_PTR pSalt;
    CK_ULONG ulSaltLen;
    CK_ULONG ulIteration;
} CK_PBE_PARAMS;

typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR;


/* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the
 * CKM_KEY_WRAP_SET_OAEP mechanism */

/* CK_KEY_WRAP_SET_OAEP_PARAMS is new for v2.0 */
typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS
{
    CK_BYTE bBC;                /* block contents byte */
    CK_BYTE_PTR pX;             /* extra data */
    CK_ULONG ulXLen;            /* length of extra data in bytes */
} CK_KEY_WRAP_SET_OAEP_PARAMS;

typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR CK_KEY_WRAP_SET_OAEP_PARAMS_PTR;


/* CK_SSL3_RANDOM_DATA holds two pointer/length pairs, named for the
 * client and the server random values. */
typedef struct CK_SSL3_RANDOM_DATA
{
    CK_BYTE_PTR pClientRandom;
    CK_ULONG ulClientRandomLen;
    CK_BYTE_PTR pServerRandom;
    CK_ULONG ulServerRandomLen;
} CK_SSL3_RANDOM_DATA;


/* CK_SSL3_MASTER_KEY_DERIVE_PARAMS embeds the random data by value and
 * refers to a CK_VERSION through pVersion. */
typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS
{
    CK_SSL3_RANDOM_DATA RandomInfo;
    CK_VERSION_PTR pVersion;
} CK_SSL3_MASTER_KEY_DERIVE_PARAMS;

typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR
    CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR;


/* CK_SSL3_KEY_MAT_OUT: four object handles and two IV buffers.
 * No lengths are declared for pIVClient and pIVServer.
 * NOTE(review): presumably the caller allocates both IV buffers, sized
 * from ulIVSizeInBits in CK_SSL3_KEY_MAT_PARAMS -- confirm. */
typedef struct CK_SSL3_KEY_MAT_OUT
{
    CK_OBJECT_HANDLE hClientMacSecret;
    CK_OBJECT_HANDLE hServerMacSecret;
    CK_OBJECT_HANDLE hClientKey;
    CK_OBJECT_HANDLE hServerKey;
    CK_BYTE_PTR pIVClient;
    CK_BYTE_PTR pIVServer;
} CK_SSL3_KEY_MAT_OUT;

typedef CK_SSL3_KEY_MAT_OUT CK_PTR CK_SSL3_KEY_MAT_OUT_PTR;


/* CK_SSL3_KEY_MAT_PARAMS: the three sizes are in bits, as their names
 * say; the results are delivered through pReturnedKeyMaterial.
 * NOTE(review): bIsExport presumably selects export-grade key
 * derivation; current deployments would leave it CK_FALSE -- confirm. */
typedef struct CK_SSL3_KEY_MAT_PARAMS
{
    CK_ULONG ulMacSizeInBits;
    CK_ULONG ulKeySizeInBits;
    CK_ULONG ulIVSizeInBits;
    CK_BBOOL bIsExport;
    CK_SSL3_RANDOM_DATA RandomInfo;
    CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
} CK_SSL3_KEY_MAT_PARAMS;

typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR;

/* CK_TLS_PRF_PARAMS is new for version 2.20 */
/* The output length is passed by pointer (pulOutputLen), unlike the
 * seed and label lengths, which are passed by value.
 * NOTE(review): presumably an in/out value -- buffer size on entry,
 * bytes produced on return; confirm before sizing pOutput. */
typedef struct CK_TLS_PRF_PARAMS
{
    CK_BYTE_PTR pSeed;
    CK_ULONG ulSeedLen;
    CK_BYTE_PTR pLabel;
    CK_ULONG ulLabelLen;
    CK_BYTE_PTR pOutput;
    CK_ULONG_PTR pulOutputLen;
} CK_TLS_PRF_PARAMS;

typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR;

/* WTLS is new for version 2.20 */
typedef struct CK_WTLS_RANDOM_DATA
{
    CK_BYTE_PTR pClientRandom;
    CK_ULONG ulClientRandomLen;
    CK_BYTE_PTR pServerRandom;
    CK_ULONG ulServerRandomLen;
} CK_WTLS_RANDOM_DATA;

typedef CK_WTLS_RANDOM_DATA CK_PTR CK_WTLS_RANDOM_DATA_PTR;

/* Unlike the SSL3 counterpart, pVersion is a plain CK_BYTE_PTR here and
 * a digest mechanism is named explicitly. */
typedef struct CK_WTLS_MASTER_KEY_DERIVE_PARAMS
{
    CK_MECHANISM_TYPE DigestMechanism;
    CK_WTLS_RANDOM_DATA RandomInfo;
    CK_BYTE_PTR pVersion;
} CK_WTLS_MASTER_KEY_DERIVE_PARAMS;

typedef CK_WTLS_MASTER_KEY_DERIVE_PARAMS CK_PTR
    CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR;

/* Same members as CK_TLS_PRF_PARAMS, preceded by DigestMechanism; the
 * output length is again passed by pointer. */
typedef struct CK_WTLS_PRF_PARAMS
{
    CK_MECHANISM_TYPE DigestMechanism;
    CK_BYTE_PTR pSeed;
    CK_ULONG ulSeedLen;
    CK_BYTE_PTR pLabel;
    CK_ULONG ulLabelLen;
    CK_BYTE_PTR pOutput;
    CK_ULONG_PTR pulOutputLen;
} CK_WTLS_PRF_PARAMS;

typedef CK_WTLS_PRF_PARAMS CK_PTR CK_WTLS_PRF_PARAMS_PTR;

/* Two object handles and one IV buffer; no length is declared for pIV. */
typedef struct CK_WTLS_KEY_MAT_OUT
{
    CK_OBJECT_HANDLE hMacSecret;
    CK_OBJECT_HANDLE hKey;
    CK_BYTE_PTR pIV;
} CK_WTLS_KEY_MAT_OUT;

typedef CK_WTLS_KEY_MAT_OUT CK_PTR CK_WTLS_KEY_MAT_OUT_PTR;

/* NOTE(review): as in CK_SSL3_KEY_MAT_PARAMS, bIsExport presumably
 * selects export-grade derivation -- confirm before setting it. */
typedef struct CK_WTLS_KEY_MAT_PARAMS
{
    CK_MECHANISM_TYPE DigestMechanism;
    CK_ULONG ulMacSizeInBits;
    CK_ULONG ulKeySizeInBits;
    CK_ULONG ulIVSizeInBits;
    CK_ULONG ulSequenceNumber;
    CK_BBOOL bIsExport;
    CK_WTLS_RANDOM_DATA RandomInfo;
    CK_WTLS_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
} CK_WTLS_KEY_MAT_PARAMS;

typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR CK_WTLS_KEY_MAT_PARAMS_PTR;

/* CMS is new for version 2.20 */
/* pContentType has no length member.
 * NOTE(review): presumably a NUL-terminated string -- confirm.  The two
 * attribute buffers each come with their own length. */
typedef struct CK_CMS_SIG_PARAMS
{
    CK_OBJECT_HANDLE certificateHandle;
    CK_MECHANISM_PTR pSigningMechanism;
    CK_MECHANISM_PTR pDigestMechanism;
    CK_UTF8CHAR_PTR pContentType;
    CK_BYTE_PTR pRequestedAttributes;
    CK_ULONG ulRequestedAttributesLen;
    CK_BYTE_PTR pRequiredAttributes;
    CK_ULONG ulRequiredAttributesLen;
} CK_CMS_SIG_PARAMS;

typedef CK_CMS_SIG_PARAMS CK_PTR CK_CMS_SIG_PARAMS_PTR;

/* A generic pointer/length pair for byte-string data. */
typedef struct CK_KEY_DERIVATION_STRING_DATA
{
    CK_BYTE_PTR pData;
    CK_ULONG ulLen;
} CK_KEY_DERIVATION_STRING_DATA;

typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR
    CK_KEY_DERIVATION_STRING_DATA_PTR;


/* The CK_EXTRACT_PARAMS is used for the
 * CKM_EXTRACT_KEY_FROM_KEY mechanism.  It specifies which bit
 * of the base key should be used as the first bit of the
 * derived key */

/* CK_EXTRACT_PARAMS is new for v2.0 */
typedef CK_ULONG CK_EXTRACT_PARAMS;

typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR;

/* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is new for v2.10.
 * CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to
 * indicate the Pseudo-Random Function (PRF) used to generate
 * key bits using PKCS #5 PBKDF2.
 * (The identifiers in this section mix the spellings "PBKD2" and
 * "PBKDF2"; copy them exactly as declared.) */
typedef CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE;

typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR
    CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR;

/* The following PRFs are defined in PKCS #5 v2.0.
 * HMAC-SHA1 is the only PRF this header declares. */
#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001


/* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is new for v2.10.
 * CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the
 * source of the salt value when deriving a key using PKCS #5
 * PBKDF2. */
typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE;

typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR
    CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR;

/* The following salt value sources are defined in PKCS #5 v2.0. */
#define CKZ_SALT_SPECIFIED        0x00000001

/* CK_PKCS5_PBKD2_PARAMS is new for v2.10.
 * CK_PKCS5_PBKD2_PARAMS is a structure that provides the
 * parameters to the CKM_PKCS5_PBKD2 mechanism.
 *
 * ulPasswordLen is declared CK_ULONG_PTR: despite the "ul" prefix it is
 * a pointer to the length, not the length itself, so callers store the
 * address of a CK_ULONG there.  Assigning the length directly is a
 * type error that a cast would hide.
 * NOTE(review): the header sets no minimum for `iterations`; enforce a
 * floor in the caller's policy, and clear the buffer behind pPassword
 * once the derivation has completed. */
typedef struct CK_PKCS5_PBKD2_PARAMS
{
    CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource;
    CK_VOID_PTR pSaltSourceData;
    CK_ULONG ulSaltSourceDataLen;
    CK_ULONG iterations;
    CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf;
    CK_VOID_PTR pPrfData;
    CK_ULONG ulPrfDataLen;
    CK_UTF8CHAR_PTR pPassword;
    CK_ULONG_PTR ulPasswordLen;     /* pointer to the password length */
} CK_PKCS5_PBKD2_PARAMS;

typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR;

#endif